this post was submitted on 26 Mar 2026
129 points (91.6% liked)

Linux

12995 readers
499 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
129
Inside the Systemd Age Verification Debate: Developer Responds to Criticism (itsfoss.com)
submitted 3 days ago by cm0002@europe.pub to c/linux@programming.dev
77 comments fedilink hide all child comments
 

Dylan M. Taylor is not a household name in the Linux world. At least, he wasn’t until recently.

The software engineer and longtime open source contributor has quietly built a respectable track record over the years: writing Python code for the Arch Linux installer, maintaining packages for NixOS, and contributing CI/CD pipelines to various FOSS projects.

But a recent change he made to systemd has pushed him into the spotlight, along with a wave of intense debate.

At the center of the controversy is a seemingly simple addition Dylan made: an optional birthDate field in systemd’s user database.

you are viewing a single comment's thread
view the rest of the comments
[–] andioop@programming.dev 10 points 3 days ago (1 children)

One interesting thought I’ve had is actually that if we strip this signal to websites/apps and do not report an age range at all, but the vast majority of users DO, that actually gives us a more unique and trackable browser fingerprint.

As someone who is not a fan of adding the age field I'm curious what people think of this.

[–] quick_snail@feddit.nl 7 points 2 days ago (2 children)

This is stupid. We block fingerprinting.

Just because some people are fingerprint able doesn't mean all of us should suffer and bend at the knee to unjust laws

[–] IrateAnteater@sh.itjust.works 11 points 2 days ago (2 children)

You can't really "block" fingerprinting. You can obfuscate it a bit, but the fingerprinting process happens server side, not on your device. So whether or not your system sends whatever age verification signal becomes a part of its fingerprint.

[–] fruitcantfly@programming.dev 1 points 2 days ago (1 children)

It's not just server-side: A lot of fingerprinting happens client-side, for example using a canvas to check what features your graphics card supports. You can see this in action via services like https://coveryourtracks.eff.org/ or https://amiunique.org/

[–] IrateAnteater@sh.itjust.works 4 points 2 days ago (1 children)

That's not the fingerprinting happening client side, that's just information supply. Fingerprinting is about what the server does with that information.

[–] Zink@programming.dev 1 points 1 day ago

Yeah, but the countermeasures are client-side because that's what you can control. And some kind FOSS devs out there make it easy to start somewhere decent.

  • Sent from my LibreWolf
[–] quick_snail@feddit.nl -3 points 2 days ago* (last edited 2 days ago) (1 children)

Of course you can block fingerprinting. See Tor Browser. Everyone looks the same.

Or you can change your fingerprint every 30 seconds with a plugin like chameleon.

You know it works when evil sites all ban you because they can't fingerprint you and track you between sessions anymore

[–] IrateAnteater@sh.itjust.works 6 points 2 days ago (2 children)

That's not blocking the fingerprinting, that obfuscating the data. The fact that you are doing that itself becomes part of the fingerprint being built. Services like Tor or Chameleon don't stop the fingerprinting process running, they just make it more difficult (but not impossible) to tie the fingerprint to your actual identity.

[–] quick_snail@feddit.nl 0 points 2 days ago

It's making the fingerprinting efforts useless. Sure, they can do it, but many of us are blocking them from being able to uniquely fingerprint and track us across the internet

[–] FooBarrington@lemmy.world 1 points 2 days ago

It's not stupid insofar that it is an additional fingerprintable data point. But it's obviously still much harder to fingerprint you if many users share the same value that you have, so it is invalid.